package com.study.student_chuji.demos.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class HelloController {
    @RequestMapping("/hello")
    public String Hello(Model model) {
        model.addAttribute("msg", "Spring 安全管理");
        return "Hello";
    }
    @RequestMapping("/level1/1")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String level1(){
        return "level1/1";
    }

    @RequestMapping("/level2/1")
    @PreAuthorize("hasRole('ROLE_USER')")
    public String level2(){
        return "level2/1";
    }

    @RequestMapping("/403")
    public String noAuth(){
        return "403";
    }
}